Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-05-2013
Ran by Właściciel (administrator) on 19-05-2013 08:18:01
Running from C:\Documents and Settings\Właściciel\Pulpit
Microsoft Windows XP Dodatek Service Pack 3 (X86) OS Language: Polish
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
(Microsoft Corporation) C:\Program Files\Messenger\MSMSGS.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
(France Telecom) C:\WINDOWS\System32\FTRTSVC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\WINDOWS\System32\nvsvc32.exe
(HP) C:\WINDOWS\System32\HPZipm12.exe
() C:\PROGRAM FILES\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
(Google Inc.) C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
(Farbar) C:\Documents and Settings\Właściciel\Pulpit\FRST.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [x]
HKLM\...\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe [20480 2004-08-23] (France Télécom R&D)
HKLM\...\Run: [SoundMan] SOUNDMAN.EXE [x]
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [1848648 2008-03-04] (CANON INC.)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2005-02-16] (Hewlett-Packard Co.)
HKLM\...\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [nwiz] nwiz.exe /install [x]
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup [4239360 2003-01-10] (NVIDIA Corporation)
HKLM Group Policy restriction on software: %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* <====== ATTENTION
HKLM\...\Winlogon: [System]
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL ()
HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx ()
Toolbar: HKCU -&Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU -&Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
PDF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} http://poczta.wp.pl/autoryzacja/mailcfg.ocx
PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab
PDF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37822.4291203704
PDF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab
PDF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
PDF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} http://skaner.mks.com.pl/SkanerOnline.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

========================== Services (Whitelisted) =================

R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2011-10-03] (Firebird Project)
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [3764224 2011-10-03] (Firebird Project)
R2 FTRTSVC; C:\WINDOWS\System32\FTRTSVC.exe [40960 2004-08-23] (France Telecom)
R2 UserAccess; C:\PROGRAM FILES\COMMON FILES\YDP\USERACCESSMANAGER\useraccess.exe [53248 2001-12-21] ()
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]

==================== Drivers (Whitelisted) ====================

R3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [701676 2003-02-27] (Realtek Semiconductor Corp.)
S3 basic2; C:\Windows\System32\DRIVERS\HSF_BSC2.sys [67167 2001-08-17] (Conexant)
S3 e4usbaw; C:\Windows\System32\DRIVERS\e4usbaw.sys [116992 2006-09-19] (Analog Devices Inc.)
R2 Fallback; C:\Windows\System32\DRIVERS\HSF_FALL.sys [289887 2001-08-17] (Conexant)
R2 Fsks; C:\Windows\System32\DRIVERS\HSF_FSKS.sys [115807 2001-08-17] (Conexant)
R2 HPFECP20; C:\Windows\System32\drivers\HPFECP20.SYS [52800 1999-03-05] ()
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51120 2004-10-05] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2004-10-05] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2004-10-05] (HP)
S3 hsf_msft; C:\Windows\System32\DRIVERS\HSF_MSFT.sys [542879 2001-08-17] (Conexant)
S2 IKANLOADER2; C:\Windows\System32\Drivers\e4ldr.sys [64000 2006-09-15] (Analog Deivces)
R2 K56; C:\Windows\System32\DRIVERS\HSF_K56K.sys [391199 2001-08-17] (Conexant)
S3 ms_mpu401; C:\Windows\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
S3 PCANDIS5; C:\WINDOWS\system32\PCANDIS5.SYS [16128 2003-08-04] (Printing Communications Assoc., Inc. (PCAUSA))
S3 Rksample; C:\Windows\System32\DRIVERS\HSF_SAMP.sys [57471 2001-08-17] (Conexant)
R3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
R2 SoftFax; C:\Windows\System32\DRIVERS\HSF_FAXX.sys [199711 2001-08-17] (Conexant)
R2 Tones; C:\Windows\System32\DRIVERS\HSF_TONE.sys [50751 2001-08-17] (Conexant)
R2 V124; C:\Windows\System32\DRIVERS\HSF_V124.sys [488383 2001-08-17] (Conexant)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S3 GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS [x]
S4 hpn; No ImagePath
S3 HSFHWBS2; System32\DRIVERS\HSFHWBS2.sys [x]
S3 HSF_DP; System32\DRIVERS\HSF_DP.sys [x]
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S3 PCAMPR5; \??\C:\WINDOWS\system32\PCAMPR5.SYS [x]
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
S3 winachsf; System32\DRIVERS\HSF_CNXT.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: Ip6FwHlp -> No Registry Path.

==================== One Month Created Files and Folders ========

2013-05-19 08:11 - 2013-05-19 08:11 - 00000000 ____D C:\Windows\System32\LogFiles
2013-05-19 07:55 - 2013-05-19 07:55 - 00090112 ____A C:\Windows\Minidump\Mini051913-01.dmp
2013-05-19 07:53 - 2013-05-19 07:54 - 00028380 ____A C:\Windows\KB2829530-IE7.log
2013-05-19 07:52 - 2013-05-19 07:54 - 00004821 ____A C:\Windows\KB2829361.log
2013-05-17 13:41 - 2013-05-17 13:41 - 00000000 ____D C:\FRST
2013-05-17 13:39 - 2013-05-17 13:40 - 00000883 ____A C:\AdwCleaner[R1].txt

==================== One Month Modified Files and Folders ========

9999-03-10 23:45 - 2012-04-26 09:17 - 00001152 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1343024091-725345543-1003UA.job
9999-03-10 23:45 - 2012-04-26 09:17 - 00001100 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1343024091-725345543-1003Core.job
9999-03-10 23:42 - 2007-10-31 12:42 - 00881711 ____A C:\Windows\setupapi.log
9999-03-10 23:41 - 2004-05-08 12:21 - 00000000 ____D C:\Windows\pss
9999-03-10 23:41 - 2003-07-20 20:40 - 00000211 _RASH C:\boot.ini
9999-03-10 23:41 - 2002-09-23 14:00 - 00000999 ____A C:\Windows\win.ini
9999-03-10 23:41 - 2002-09-23 14:00 - 00000246 ____A C:\Windows\system.ini
9999-03-10 23:33 - 2003-07-20 19:41 - 00188504 ____A C:\Windows\setupact.log
2013-05-19 08:18 - 2003-07-20 19:01 - 00000000 ____D C:\Documents and Settings\Właściciel\Pulpit
2013-05-19 08:14 - 2005-01-09 15:07 - 01345091 ____A C:\Windows\WindowsUpdate.log
2013-05-19 08:14 - 2002-09-23 14:00 - 00013716 ____A C:\Windows\System32\wpa.dbl
2013-05-19 08:13 - 2003-07-20 19:44 - 00000159 ____A C:\Windows\wiadebug.log
2013-05-19 08:13 - 2003-07-20 19:44 - 00000050 ____A C:\Windows\wiaservc.log
2013-05-19 08:13 - 2003-07-20 18:57 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-19 08:11 - 2013-05-19 08:11 - 00000000 ____D C:\Windows\System32\LogFiles
2013-05-19 08:11 - 2003-07-20 19:01 - 00032494 ____A C:\Windows\SchedLgU.Txt
2013-05-19 08:11 - 2003-07-20 19:01 - 00000292 ___SH C:\Documents and Settings\Właściciel\ntuser.ini
2013-05-19 07:55 - 2013-05-19 07:55 - 00090112 ____A C:\Windows\Minidump\Mini051913-01.dmp
2013-05-19 07:54 - 2013-05-19 07:53 - 00028380 ____A C:\Windows\KB2829530-IE7.log
2013-05-19 07:54 - 2013-05-19 07:52 - 00004821 ____A C:\Windows\KB2829361.log
2013-05-19 07:46 - 2003-07-20 19:42 - 00955000 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-19 07:46 - 2002-09-23 14:00 - 00439538 ____A C:\Windows\System32\perfh015.dat
2013-05-19 07:46 - 2002-09-23 14:00 - 00068554 ____A C:\Windows\System32\perfc015.dat
2013-05-17 13:41 - 2013-05-17 13:41 - 00000000 ____D C:\FRST
2013-05-17 13:40 - 2013-05-17 13:39 - 00000883 ____A C:\AdwCleaner[R1].txt
2013-04-29 11:42 - 2011-01-23 16:05 - 00000000 ____D C:\Program Files\neostrada tp
2013-04-19 11:18 - 2003-07-20 19:41 - 00255064 ____A C:\Windows\System32\FNTCACHE.DAT

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe [2003-05-29 11:54] - [2008-04-14 19:21] - 1035264 ____A (Microsoft Corporation) c791ed9eac5e76d9525e157b1d7a599a
C:\Windows\System32\winlogon.exe [2002-09-23 14:00] - [2008-04-14 19:21] - 0510464 ____A (Microsoft Corporation) 51fd2e13d723857b9ca239ae77150f48
C:\Windows\System32\svchost.exe [2002-09-23 14:00] - [2008-04-14 19:21] - 0014336 ____A (Microsoft Corporation) 8607d35d92528e2df386f19a960d23ce
C:\Windows\System32\services.exe [2002-09-23 14:00] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 02a467e27af55f7064c5b251e587315f
C:\Windows\System32\User32.dll [2002-09-23 14:00] - [2008-04-14 19:20] - 0580096 ____A (Microsoft Corporation) a435c5c069afd901751ac323ad238793
C:\Windows\System32\userinit.exe [2002-09-23 14:00] - [2008-04-14 19:21] - 0026624 ____A (Microsoft Corporation) 2a5b37d520508be6570a3ea79695f5b5
C:\Windows\System32\Drivers\volsnap.sys [2002-09-23 14:00] - [2008-04-14 18:01] - 0052864 ____A (Microsoft Corporation) 56b191ac5fc0df219949c95a6c87afe7

==================== End Of Log ============================